|
1317.1.5
by Monty Taylor
Added Authorization interface. |
1 |
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
|
2 |
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
|
|
3 |
*
|
|
4 |
* Definitions required for Authorization plugin
|
|
5 |
*
|
|
6 |
* Copyright (C) 2010 Monty Taylor
|
|
7 |
*
|
|
8 |
* This program is free software; you can redistribute it and/or modify
|
|
9 |
* it under the terms of the GNU General Public License as published by
|
|
10 |
* the Free Software Foundation; version 2 of the License.
|
|
11 |
*
|
|
12 |
* This program is distributed in the hope that it will be useful,
|
|
13 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
15 |
* GNU General Public License for more details.
|
|
16 |
*
|
|
17 |
* You should have received a copy of the GNU General Public License
|
|
18 |
* along with this program; if not, write to the Free Software
|
|
19 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
20 |
*/
|
|
21 |
||
|
2234
by Brian Aker
Mass removal of ifdef/endif in favor of pragma once. |
22 |
#pragma once
|
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
23 |
|
|
2173.2.1
by Monty Taylor
Fixes incorrect usage of include |
24 |
#include <drizzled/plugin.h> |
25 |
#include <drizzled/plugin/plugin.h> |
|
26 |
#include <drizzled/identifier.h> |
|
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
27 |
|
28 |
#include <string> |
|
29 |
#include <set> |
|
30 |
||
|
2173.2.1
by Monty Taylor
Fixes incorrect usage of include |
31 |
#include <drizzled/visibility.h> |
|
2119.4.1
by Monty Taylor
Turns on -fvisibility=hidden by default. Symbols intended to be used by |
32 |
|
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
33 |
namespace drizzled |
34 |
{
|
|
35 |
||
36 |
namespace plugin |
|
37 |
{
|
|
38 |
||
|
2119.4.1
by Monty Taylor
Turns on -fvisibility=hidden by default. Symbols intended to be used by |
39 |
class DRIZZLED_API Authorization : public Plugin |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
40 |
{
|
41 |
public: |
|
42 |
explicit Authorization(std::string name_arg) |
|
43 |
: Plugin(name_arg, "Authorization") |
|
44 |
{}
|
|
45 |
||
46 |
/**
|
|
47 |
* Should we restrict the current user's access to this schema?
|
|
48 |
*
|
|
49 |
* @param Current security context
|
|
50 |
* @param Database to check against
|
|
51 |
*
|
|
52 |
* @returns true if the user cannot access the schema
|
|
53 |
*/
|
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
54 |
virtual bool restrictSchema(const drizzled::identifier::User &user_ctx, |
|
2246.4.9
by Olaf van der Spek
Remove const_reference and reference from identifier::Schema |
55 |
const identifier::Schema& schema)= 0; |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
56 |
|
57 |
/**
|
|
58 |
* Should we restrict the current user's access to this table?
|
|
59 |
*
|
|
60 |
* @param Current security context
|
|
61 |
* @param Database to check against
|
|
62 |
* @param Table to check against
|
|
63 |
*
|
|
64 |
* @returns true if the user cannot access the table
|
|
65 |
*/
|
|
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
66 |
virtual bool restrictTable(const drizzled::identifier::User& user_ctx, |
|
2246.4.10
by Olaf van der Spek
Remove const_reference and reference from identifier::Table |
67 |
const drizzled::identifier::Table& table); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
68 |
|
69 |
/**
|
|
70 |
* Should we restrict the current user's access to see this process?
|
|
71 |
*
|
|
72 |
* @param Current security context
|
|
73 |
* @param Database to check against
|
|
74 |
* @param Table to check against
|
|
75 |
*
|
|
76 |
* @returns true if the user cannot see the process
|
|
77 |
*/
|
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
78 |
virtual bool restrictProcess(const drizzled::identifier::User &user_ctx, |
79 |
const drizzled::identifier::User &session_ctx); |
|
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
80 |
|
81 |
/** Server API method for checking schema authorization */
|
|
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
82 |
static bool isAuthorized(const drizzled::identifier::User& user_ctx, |
|
2246.4.9
by Olaf van der Spek
Remove const_reference and reference from identifier::Schema |
83 |
const identifier::Schema& schema_identifier, |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
84 |
bool send_error= true); |
85 |
||
86 |
/** Server API method for checking table authorization */
|
|
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
87 |
static bool isAuthorized(const drizzled::identifier::User& user_ctx, |
|
2246.4.10
by Olaf van der Spek
Remove const_reference and reference from identifier::Table |
88 |
const drizzled::identifier::Table& table_identifier, |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
89 |
bool send_error= true); |
90 |
||
91 |
/** Server API method for checking process authorization */
|
|
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
92 |
static bool isAuthorized(const drizzled::identifier::User& user_ctx, |
|
2159.2.7
by Brian Aker
Merge in shared ptr modification for auth (namely we don't take the hit for |
93 |
const Session &session, |
|
2015.3.1
by Brian Aker
Encapsulate client call. Also remove the need to call current_session when |
94 |
bool send_error= true); |
95 |
||
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
96 |
/**
|
97 |
* Server API helper method for applying authorization tests
|
|
98 |
* to a set of schema names (for use in the context of getSchemaNames
|
|
99 |
*/
|
|
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
100 |
static void pruneSchemaNames(const drizzled::identifier::User& user_ctx, |
|
2252.1.9
by Olaf van der Spek
Common fwd |
101 |
identifier::schema::vector &set_of_schemas); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
102 |
|
103 |
/**
|
|
104 |
* Standard plugin system registration hooks
|
|
105 |
*/
|
|
106 |
static bool addPlugin(plugin::Authorization *auth); |
|
107 |
static void removePlugin(plugin::Authorization *auth); |
|
108 |
||
109 |
};
|
|
110 |
||
|
2246.4.11
by Olaf van der Spek
Remove const_reference and reference from identifier::User |
111 |
inline bool Authorization::restrictTable(const drizzled::identifier::User& user_ctx, |
|
2246.4.10
by Olaf van der Spek
Remove const_reference and reference from identifier::Table |
112 |
const drizzled::identifier::Table& table) |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
113 |
{
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
114 |
return restrictSchema(user_ctx, table); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
115 |
}
|
116 |
||
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
117 |
inline bool Authorization::restrictProcess(const drizzled::identifier::User &, |
118 |
const drizzled::identifier::User &) |
|
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
119 |
{
|
120 |
return false; |
|
121 |
}
|
|
122 |
||
123 |
} /* namespace plugin */ |
|
124 |
||
125 |
} /* namespace drizzled */ |
|
126 |